[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] Reflow the changelog again.
commit 532a43ed3ff3b11b3ee23d4abb87ef77a94c4ed6
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Thu Feb 4 13:19:07 2016 -0500
Reflow the changelog again.
---
ChangeLog | 170 +++++++++++++++++++++++++++++++-------------------------------
1 file changed, 85 insertions(+), 85 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 02a9e86..ef75b54 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,76 +2,68 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
Tor 0.2.8.1-alpha is the first alpha release in its series. It
includes numerous small features and bugfixes against previous Tor
versions, and numerous small infrastructure improvements. The most
- notable features are a set of improvements to the directory
- subsystem.
-
- o Major key updates:
- - Update the V3 identity key for the dannenberg directory authority:
- it was changed on 18 November 2015. Closes task 17906. Patch by
- "teor".
-
- o Removed features:
- - Remove client-side support for connecting to Tor servers running
- versions of Tor before 0.2.3.6-alpha. These servers didn't support
- the v3 TLS handshake protocol, and are no longer allowed on the
- Tor network. Implements the client side of ticket 11150. Based on
- patches by Tom van der Woerdt.
+ notable features are a set of improvements to the directory subsystem.
o Major features (security, Linux):
- - When Tor starts as root on Linux and is told to switch user ID,
- it can now retain the capability to bind to low ports. By
- default, Tor will do this only when it's switching user ID and
- some low ports have been configured. You can change this behavior
- with the new option KeepBindCapabilities. Closes ticket 8195.
+ - When Tor starts as root on Linux and is told to switch user ID, it
+ can now retain the capability to bind to low ports. By default,
+ Tor will do this only when it's switching user ID and some low
+ ports have been configured. You can change this behavior with the
+ new option KeepBindCapabilities. Closes ticket 8195.
o Major features (directory system):
- - When bootstrapping we not launch multiple consensus downloads
- at a time, use the first one that starts downloading, and close the
- rest. This reduces failures when authorities or fallback directories are slow or down.
- Together with the code for feature 15775, this feature should reduces failures due
- to fallback churn. Implements ticket 4483.
- Patch by "teor". Implements IPv4 portions
+ - When bootstrapping we not launch multiple consensus downloads at a
+ time, use the first one that starts downloading, and close the
+ rest. This reduces failures when authorities or fallback
+ directories are slow or down. Together with the code for feature
+ 15775, this feature should reduces failures due to fallback churn.
+ Implements ticket 4483. Patch by "teor". Implements IPv4 portions
of proposal 210 by "mikeperry" and "teor".
- - Include a trial list of default fallback directories, based
- on an opt-in survey of suitable relays. Doing this should make
- clients bootstrap more quickly and reliably, and reduce the
- load on the directory authorities. Closes ticket 15775. Patch by
- "teor". Candidates identified using an OnionOO script by "weasel", "teor", "gsathya",
- and "karsten".
+ - Include a trial list of default fallback directories, based on an
+ opt-in survey of suitable relays. Doing this should make clients
+ bootstrap more quickly and reliably, and reduce the load on the
+ directory authorities. Closes ticket 15775. Patch by "teor".
+ Candidates identified using an OnionOO script by "weasel", "teor",
+ "gsathya", and "karsten".
- Previously only relays that explicitly opened a directory port
(DirPort) accepted directory requests from clients. Now all
- relays, with and without a DirPort,
- accept and serve tunneled directory requests that they
- receive through their ORPort. You can disable this behavior using
- the new DirCache option.
- Closes ticket 12538.
+ relays, with and without a DirPort, accept and serve tunneled
+ directory requests that they receive through their ORPort. You can
+ disable this behavior using the new DirCache option. Closes
+ ticket 12538.
+
+ o Major key updates:
+ - Update the V3 identity key for the dannenberg directory authority:
+ it was changed on 18 November 2015. Closes task 17906. Patch
+ by "teor".
o Minor features (security, clock):
- - Warn when the system clock appears to move back in time (when the state
- file was last written in the future). Tor doesn't know that
+ - Warn when the system clock appears to move back in time (when the
+ state file was last written in the future). Tor doesn't know that
consensuses have expired if the clock is in the past. Patch by
"teor". Implements ticket 17188.
o Minor features (security, exit policies):
- - ExitPolicyRejectPrivate now rejects more private addresses by default.
- Specifically, it now rejects the relay's outbound bind addresses (if
- configured), and the relay's configured port addresses (such as
- ORPort and DirPort). Fixes bug 17027; bugfix on 0.2.0.11-alpha.
- Patch by "teor".
+ - ExitPolicyRejectPrivate now rejects more private addresses by
+ default. Specifically, it now rejects the relay's outbound bind
+ addresses (if configured), and the relay's configured port
+ addresses (such as ORPort and DirPort). Fixes bug 17027; bugfix on
+ 0.2.0.11-alpha. Patch by "teor".
o Minor features (security, memory erasure):
- Set the unused entires in a smartlist to NULL. This helped catch
a (harmless) bug, and shouldn't affect performance too much.
Implements ticket 17026.
- Use SecureMemoryWipe() function to securely clean memory on
- Windows. Previously we'd use OpenSSL's OPENSSL_cleanse() function. Implements feature 17986.
+ Windows. Previously we'd use OpenSSL's OPENSSL_cleanse() function.
+ Implements feature 17986.
- Use explicit_bzero or memset_s when present. Previously, we'd use
OpenSSL's OPENSSL_cleanse() function. Closes ticket 7419; patches
from <logan@xxxxxxxxxx> and <selven@xxxxxxxxxx>.
- - Make memwipe() do nothing when passed a NULL pointer or buffer of zero size.
- Check size argument to memwipe() for underflow. Fixes bug 18089;
- bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk", patch
- by "teor".
+ - Make memwipe() do nothing when passed a NULL pointer or buffer of
+ zero size. Check size argument to memwipe() for underflow. Fixes
+ bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk",
+ patch by "teor".
o Minor features (security, RNG):
- Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely,
@@ -79,17 +71,17 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
internal details of OpenSSL's behavior. Closes ticket 17686.
- Never use the system entropy output directly for anything besides
seeding the PRNG. When we want to generate important keys, instead
- of using system entropy directly, we now hash it with the PRNG stream.
- This may help resist certain attacks based on broken OS entropy
- implementations. Closes part of ticket 17694.
- - Use modern system calls (like getentropy() or getrandom()) to generate strong entropy on platforms
- that have them. Closes ticket 13696.
+ of using system entropy directly, we now hash it with the PRNG
+ stream. This may help resist certain attacks based on broken OS
+ entropy implementations. Closes part of ticket 17694.
+ - Use modern system calls (like getentropy() or getrandom()) to
+ generate strong entropy on platforms that have them. Closes
+ ticket 13696.
o Minor features (accounting):
- - Added two modes to the AccountingRule option: One for limiting only
- the number of bytes sent ("AccountingRule out"), and one for
- limiting only the number of bytes
- received ("AccountingRule in").
+ - Added two modes to the AccountingRule option: One for limiting
+ only the number of bytes sent ("AccountingRule out"), and one for
+ limiting only the number of bytes received ("AccountingRule in").
Closes ticket 15989; patch from "unixninja92".
o Minor features (build):
@@ -106,10 +98,10 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
- New 'GETINFO hs/service/desc/id/' command to retrieve a hidden
service descriptor from a service's local hidden service
descriptor cache. Closes ticket 14846.
- - Add 'GETINFO exit-policy/reject-private/[default,relay]', so
- controllers can examine the
- the reject rules added by ExitPolicyRejectPrivate. This makes
- it easier for stem to display exit policies.
+ - Add 'GETINFO exit-policy/reject-private/[default,relay]', so
+ controllers can examine the the reject rules added by
+ ExitPolicyRejectPrivate. This makes it easier for stem to display
+ exit policies.
o Minor features (crypto):
- Add SHA512 support to crypto.c. Closes ticket 17663; patch from
@@ -124,23 +116,24 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
Fixes bug 17544; bugfix on 0.2.5.3-alpha.
o Minor features (directory downloads):
- - Wait for busy authorities and fallback directories to become non-busy when
- bootstrapping. (A similar change was made in 6c443e987d for
- directory caches chosen from the consensus.) Closes ticket 17864;
- patch by "teor".
+ - Wait for busy authorities and fallback directories to become non-
+ busy when bootstrapping. (A similar change was made in 6c443e987d
+ for directory caches chosen from the consensus.) Closes ticket
+ 17864; patch by "teor".
- Add UseDefaultFallbackDirs, which enables any hard-coded fallback
- directory mirrors. The default is 1; set it to 0 to disable fallbacks.
- Implements ticket 17576. Patch by "teor".
+ directory mirrors. The default is 1; set it to 0 to disable
+ fallbacks. Implements ticket 17576. Patch by "teor".
o Minor features (geoip):
- Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
Country database.
o Minor features (IPv6):
- - Add an argument 'ipv6=address:orport' to the DirAuthority and FallbackDir
- torrc options, to specify an IPv6 address for an authority or fallback directory. Add hard-coded ipv6 addresses for directory
- authorities that have them. Closes ticket
- 17327; patch from Nick Mathewson and "teor".
+ - Add an argument 'ipv6=address:orport' to the DirAuthority and
+ FallbackDir torrc options, to specify an IPv6 address for an
+ authority or fallback directory. Add hard-coded ipv6 addresses for
+ directory authorities that have them. Closes ticket 17327; patch
+ from Nick Mathewson and "teor".
- Add address policy assume_action support for IPv6 addresses.
- Limit IPv6 mask bits to 128.
- Warn when comparing against an AF_UNSPEC address in a policy, it's
@@ -191,9 +184,9 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
need for CAP_READ_SEARCH when using systemd's
CapabilityBoundingSet, or dac_read_search when using SELinux.
Implements part of ticket 17562. Patch from Jamie Nguyen.
- - Introduce a new DataDirectoryGroupReadable option. If it is set to 1, the
- DataDirectory will be made readable by the default GID. Implements
- part of ticket 17562. Patch from Jamie Nguyen.
+ - Introduce a new DataDirectoryGroupReadable option. If it is set to
+ 1, the DataDirectory will be made readable by the default GID.
+ Implements part of ticket 17562. Patch from Jamie Nguyen.
o Minor bugfixes (accounting):
- The max bandwidth when using 'AccountRule sum' is now correctly
@@ -212,11 +205,11 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
o Minor bugfixes (compilation):
- Mark all object files that include micro-revision.i as depending
- on it, so as to make parallel builds more reliable.
- Fixes bug 17826; bugfix on 0.2.5.1-alpha.
- - Don't try to use the pthread_condattr_setclock() function unless it
- actually exists. Fixes compilation on NetBSD-6.x. Fixes bug 17819;
- bugfix on 0.2.6.3-alpha.
+ on it, so as to make parallel builds more reliable. Fixes bug
+ 17826; bugfix on 0.2.5.1-alpha.
+ - Don't try to use the pthread_condattr_setclock() function unless
+ it actually exists. Fixes compilation on NetBSD-6.x. Fixes bug
+ 17819; bugfix on 0.2.6.3-alpha.
- Fix backtrace compilation on FreeBSD. Fixes bug 17827; bugfix
on tor-0.2.5.2-alpha.
- Fix compilation of sandbox.c with musl-libc. Fixes bug 17347;
@@ -308,10 +301,10 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
- Move logging of redundant policy entries in
policies_parse_exit_policy_internal into its own function. Closes
ticket 17608; patch from "juce".
- - Extract the more complicated parts of circuit_mark_for_close() into
- a new function that we run periodically before circuits are freed. This
- change removes more than half of the functions currently in the
- "blob". Closes ticket 17218.
+ - Extract the more complicated parts of circuit_mark_for_close()
+ into a new function that we run periodically before circuits are
+ freed. This change removes more than half of the functions
+ currently in the "blob". Closes ticket 17218.
- Clean up a little duplicated code in
crypto_expand_key_material_TAP(). Closes ticket 17587; patch
from "pfrankw".
@@ -326,8 +319,8 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
simplifies Tor's callback and prevents the directory-request
launching code from invoking itself recursively. Closes
ticket 17589
- - Remove code for configuring OpenSSL dynamic locks; OpenSSL doesn't use them.
- Closes ticket 17926.
+ - Remove code for configuring OpenSSL dynamic locks; OpenSSL doesn't
+ use them. Closes ticket 17926.
o Documentation:
- Add a description of the correct use of the '--keygen' command-
@@ -339,6 +332,13 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
whenever we mention a document that belongs in torspce. Fixes
issue 17392.
+ o Removed features:
+ - Remove client-side support for connecting to Tor servers running
+ versions of Tor before 0.2.3.6-alpha. These servers didn't support
+ the v3 TLS handshake protocol, and are no longer allowed on the
+ Tor network. Implements the client side of ticket 11150. Based on
+ patches by Tom van der Woerdt.
+
o Testing:
- Add unit tests to check for common RNG failure modes, such as
returning all zeroes, identical values, or incrementing values
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits